The premise behind the emailing is that only the person who has access to the inbox of the email address associated with that account can view the newly reset password.

Anyone can go to the site and click on the "I've forgotten the password for my account named XYZ, please email me a new one".

Complaining to the ISP won't help as there's little likelihood of abuse here. I frequently get password change requests for a different site because my username is 'Rob'. People forget their username, try logging in as 'Rob' with their password and it doesn't work, so they request a password reset.

So you should be safe. That said however, it would be a good idea to make the password a safe and secure one.